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Immigration, Refugees and Citizenship Canada (IRCC) and the Canada Border Services Agency 


(CBSA) are jointly responsible for the delivery of Canada's immigration program by managing the 
movement of foreign nationals across Canada's borders in order to maintain a balance between 
the desire to welcome newcomers to Canada and the obligation to protect the health, safety, and 
security of Canadian society. Among the responsibilities of these departments are the prevention 
of irregular migration, the prevention of entry into Canada of inadmissible persons as defined by 


inadmissible persons from Canada. 


Accurately establishing identity is crucial to immigration decisions. For more than 20 years, 
biometrics (fingerprints and a photograph) have played a role in supporting immigration screening 
and decision-making in Canada. 


Expanding biometrics will strengthen Canada's immigration programs through effective screening 
(biometric collection, verification, and information-sharing with partner countries). It will also 
enable Canada to facilitate application processing and travel — while maintaining public 
confidence in our immigration system. 


in 2018-19, the CBSA will: 


e Enroll certain foreign nationals applying for a work permit or study permit or temporary 
resident permit (excluding U.S. nationals) to enter Canada through the capture and 
screening of ten-digit fingerprint biometrics at fifty-seven Ports of Entry (POEs); 

* Authenticate foreign nationals enrolled overseas by IRCC through a photo comparison 
and/or fingerprint verification upon arrival at POEs. 


Depending on where they apply, applicants will be able to provide their biometrics in Canada at 
select Service Canada locations and select ports of entry, overseas at Visa Application Centres and 
in the U.S. at U.S. Application Support Centers. 


Biometrics Expansion does not include collecting biometrics from Canadian citizens, citizenship 
applicants (including passport applicants), or existing permanent residents. 
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1 BAU | Blometrics Assessment Unit 
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| BPO | Biometri c Project Office 


| COR | Class of Record 


| CCRTIS | Canadian Criminal Real Time identification Services 


| CIBIDS | Canadian imigration Biometrics Identification System (includes the biometric process 
| | Solution and biometric collect solution) - 


Department of Homeland Security (U. S. j 


Data Protection Authorities 
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| Format Arrangement. 


| FPS | Fingerprint Section Number | 
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| GSP F Government of Canada Security Policy 
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| Interdicti ion and Border Alert System - 
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| IRPR | Immigration and Refugee Protection Regulations 


Pi | Personal Information 
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PoE : Port of Entry 
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| SOW Statement of Work | 
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| Search Response | 
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| Statistics Canada | 


| | Treasury Board Secretariat 
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Traveller Biometric Identity Database 


| TRV : | Temporary Resident Visa 
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United Kingdom 
| United States 


| United States Applicant Support Centre 


7 VAC | visa Application Centre 
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| DEFINITIONS 
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| Action Plan | The Action Plan describes the steps that the Program will take to address risks that bane. 
| | been identified by ATI and Privacy Division, Office of the Privacy Commissioner of Canada | 
| (oro and Treasury Board Secretariat (TBS). 


| Administrative p purpose | The Privacy Act defines an” “administrative purpose” to obe theu use sota an n individual's 
personal information in a decision- -making process that directi y affects that i individual. 
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| Consistent use ds a use that has a reasonable and direct connection to the original m— s) for which 
| the information was obtained or compiled. This means that the original purpose and the 
: | proposed purpose are so closely related that the individual wouid expect that the 

: _ information would be used for the consistent purpose, even if the use is not spelled out. 
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Data Matching a A comparison at personal data obtained from a variety of sources, includi ing personal 
| information banks, for the purpose of making decisions about the individuals to whom 


| the data pertains. Data matching is a specialized activity involving the collection, use and 
j | disclosure of personal information that is subiect to the various requirements of the 
2 Privacy Act. 
i 
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E info Source - is a series of annual TBS publications in which government institutions are required to 
: describe their institutions, program responsibilities and information holdings, including PIBs 
| and classes of personal information. The descriptions are to contain sufficient clarity and 
| detail to facilitate the exercise of the right of access under the Privacy Act. Data-matching 
| activities, use of the SIN and all activities for which privacy impact assessments were 
| conducted have to be cited in Info Source PIBs, as applicable. The info Source publications 
| also provide contact information for government institutions as well as summaries of court 


| cases and statistics on access requests. 


| Personal Information | Information about an identifiable individual as defined in section 3 of the Privacy Act. This 
| definition, although lengthy, is not exhaustive, as indicated by the introductory phrase, 
| "including, without restricting the generality of the foregoing". Information that is not 
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| specifically mentioned in the list may still be included in the definition of persona! 
| information if it qualifies as “information about an identifiable individual". 


| Personal information Bank | ds à déscription of personal information that is organized and teria bua a person's 
j ; name or by an identifying number, symbol or other particular assigned only to that person 
| The personal information described in the personal information bank has been used, is 
| - being used, or is available for an administrative purpose and is under the control of a 
| governi ment institutio 
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pom - The OPC déscribàs ^ privacy" as * . the right to control access to one's person — 
o information about one's self. The right to privacy means that individuals get to decide what 
| : and how much information. to give up, to whom it is s given, and for what u uses. 
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SECTION 1 - OVERVIEW AND INITIATION 


Report Objectives 


This report is a Privacy Impact Assessment (PIA) for the Biometrics Expansion initiative. Biometrics 
Expansion is the evolution of the Temporary Resident Biometrics Program (TRBP) initiative for the 
Canada Border Services Agency (CBSA). This PIA should be considered in conjunction with the 
TRBP PIA which includes analysis on areas of technology and security which are unchanged for 
the Agency. 


The obiectives of this PIA are: 

+ To analyze the introduction of biometric collection at Ports of Entry (POE) in support of 
study permits, work permits and temporary resident permits for all nationalities (other 
than U.S.); and 

+ To analyze the expansion of biometric verification at POEs as it pertains to biometrically 
enrolled travellers seeking entry to Canada. 


PIAs related to immigration information Sharing (115), TRBP and the Primary inspection Kiosk (PIK) 
were provided to the Office of the Privacy Commissioner (OPC) and meetings were held to discuss 
the evolution of primary inspections at Canadian airports. 


The information presented in this report follows the Treasury Board of Canada Secretariat (TBS) 
PIA policy and guidelines. 


The purpose of the PIA process is to ensure that privacy is considered throughout the proiect 
development cycle. The results of a PIA are a documented guarantee that privacy issues have 
been identified and adequately addressed. 


An Annex which includes the systems changes which support Biometrics Expansion has been 
included following the PIA. 


Government Institution: CBSA / Prügratns Branch 


section 10 of the Privacy Act 


Martin Bolduc, Vice President, Programs Dan Proulx, Director, Access to Information and 
Branch Privacy Division 
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Name of Program or Activity of the Government Institution: 


Canada Border Services Agency 


Head of me government institution aj Delegate for 
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| This initiative relates to the 1.3 Admissibility Determination sub- -activity, 1. 3. 2 Air Mode sub-sub-activity 
e | and the 1.3.1 Highway Mode sub-activity. 
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Description of Program a or r Activity: 


1.3 Admissibility Determination — -through th the e Admissibility D Determination program, the CBSA develops, 
maintains and administers the policies, regulations, procedures and partnerships that enable border 


H 
i 
1 


services officers to intercept people and goods that are inadmissible to Car nada, and to process admissible 
people and goods within established service standards. In addition, the Agency develops, maintains and 
adir yi 


ninisters ine MS iic dui see cute to control ina Export of T goods f from 


RRA 


| UE entryt to Canada at 117 designated | land ports of entry whilè ensuring z that admissible nb and 

0 goods are processed within established service standards. Border services officers conduct interviews of 

0 persons and drivers of commercial carriers and then make a decision to allow the entry o of a person or 

shipment or refer them for further processing (e.g., payment of duties and taxes, i issuance of a a document] 
and/or examination (e.g., physical search of a vehicle, further investigation of admissibility). - 


in the commercial stream, im porters are required to account for tt 
required to report their goods. 


ieir goods, and carriers and exporters are 


Examinations may be performed with the use of specialized tools (e.g., gamma ray imaging Vehicle and 


ee apo e ion scanners arid d detector dogs) and fe include a full or partial offload of the 
j one sor z1 weapon]. a waar 


Canada seeking: ent at designated airports while e ensuring athat admissible p peopleai and oodo are process 
within established service standards. Upon arrival, border services officers conduct interviews of persons 
seeking entry into Canada, aided by electronic pre- -arrival risk-assessment information submitted by the 
airlines. CBSA officers make a decision to admit the person or refer them for further processing (e.g., 
payment of dunes s and taxes, issuance e of a } document) t or examination. For " private - and 1 corporate aircraft 


Ae 

| conducted Pa means sof the e telephone ble system- BSOS make a , decision to admit people o or r refer 
them tor further proces ihe < or examination. To assist border services officers i n their examinations, 
| 4 


Lx to of the e applicable legislation and/or regulations may j be aed to: a i monetary nait seizure or 
ES denied entry to Canada. 


whe en a this individ Lal seeks entry: at tthe border. The lead departmento on n the e is Immigration, nes and 
Citizenship Canada (IRCC). 
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Note: It may include records related to the establishment or use of electronic systems used to administer or 
manage the program including; the Integrated Primary Inspection Line (IPIL), Integrated Customs Enforcement 
System (ICES), Secure Tracking System (STS), Screening Referral Request (SRR), Secondary enm 

History (SPPH) and Global Case Management System (GCMS). | |j 
Document Types: Treasury Board Submission, Immigration and Refugee Protection Regulations, Project Charter, 
Concept of Operations. 


Record Number CBSA IST 006 


ns Records may also include Travellers Declaration cards, Casual í Goods s Accounting Documents, 
records or reports from electronic systems used to administer or manage the program including the GCMS, 
| Travellers Entry Processing System (TEPS), the Customs Commercial System (CCS), the Facility for Information 
Retrieval Management (FIRM) and the Travellers National Database System (TRANDS). 


Document t Types Memoranda of uses Letters of a Information Sharing Agreements, 


Class of Record Number: | CBSA IST 006 gne ca A? 


Proposal for a New Personal Information Bank 


|_| Proposal to modify an existing Personal Information Bank - identify PIB registration number and current 
description: 


and ame bam of | birth. | a 
Note: 


Information may be stared in the following internal systems / databases: Traveller Biometric identity Database. 
 (TBIS), the Global Case Management System (GCMS) (photo), Real Time Identification Database: e (RTID) 
(fingerprints), and Passage History (photo and fingerprint verification results). | s | 


Class of Individuals: O - | 
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. Travellers biometrically enrolled overseas, in Canada, or at a POE as part of the Biometrics Program. 
Purpose: | 
| The ce | information is used | to o administer the t Biometrics program a and to establish the end of ea a 
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the! Immigration and Refugee Protection Act and section 42. d of the Immigration and Refugee Protection 
| Regulations. : 
Consistent Uses: | 


may oe be shared it Rerional intelligence © Officers em intelli igence Targeting Operations t to assist. in Hd 
determining admissibility of travellers; refer to CBSA PPU 035. vo | 


Pa : 


Retention vand D Disposal Standards: _ 
Records will | be retained for 15 after from the time of the most recent biometric collection and will be - 
systematically destroyed after 15 years or upon granting of Canadian citizenship. For persons deemed - 
inadmissible under sections 34-37 of the Immigration and Refugee Protection Act, the fingerprints will be 
retained until the person reaches the age of 100 and then are destroyed. | o 


_ RDA Number: 2015/008 
| Related Class of Record Number: CBSA IST 006, CBSA ADM 132 
| TBS Registration: TBD 

| Bank Number: CBSA PPU 1203 - 


| 
| 
| 


The biometrics collection requirement i includes all persons s applying fora temporary or permanent resident 
visa or status, work permit, study permit, temporary resident permit, or erates peer: whether claimed 
inside or outside Canada, unless specifically exempted. : 


Note: A person eligible to apply for an Electronic Travel Authorization (eTA) will not be required to provide | 
their biometrics if they were travelling to Canada as a tourist. | 

Persons between the ages of 14 and 79 years applving for temporary or permanent residence are required 
to provide their biometrics. The Regulations specify that the age of the person will be determined as of the 


date on which the claim, application or request is made. The Regulations do not specify an upper age cut-off 
for those making a refugee claim in Canada for program integrity reasons. 


The Regulations require a one-time biometrics enrolment from permanent residents when applying for a 
new permanent. resident card if they were exempt from the biometrics collection requirement at the time 
the y applied for permanent residence because they were under the age of 14 at the time of their application. 


t Further, these applicants would not be issued a permanent resident card until they comply. with the 

| biometrics collection requirement. 

| The Regulations require that, where a person is required to provide their biometrics, they follow the 

| prescribed procedures b by presenting themselves at an enrolment facility located overseas, at a port ofentry | 
. in Canada, or at other locations, if authorized or directed by an officer to do so. | 


emselves 


Persons who are biometrical ly required and authorized to apply at a port of entry must present tr 
ata pono of ye that at provides bi biometrics collection services. These e persons would include 
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S Visa-exempt persons eligible to apply for a work or study permit at the port of entry; and 


O Persons requesting and receiving a temporary resident permit. 


protection a at any v port of enm 


_ Protected persons and Convention refugees who make an application for permanent residence from within 
| Canada will be required to re-enrol their biometric information at a service location in Canada. 


| The Regulations specify that foreign nationals who make more than one temporary resident Fe 2 


| applications for both a work permit and study permit) before providing their biometric information will oniy 
| need to provide their biometrics and payt the collection fee once. 
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This report will focus on two activities: 
e The introduction of biometric collection at POEs in support of study permits, work 
permits and temporary resident permits for all nationalities (other than U.S.) and 
o Biometrics Enrolment in Secondary to be conducted at 57 POEs by BSOs (July 31 2018) 
+ The expansion of biometric verification at POEs as it pertains to biometrically enrolled 
travellers seeking entry to Canada 
O Systematic Fingerprint Verification at Primary Processing of enrolled applicants at 
POEs (CBSA) at ten major airports (Toronto, Ottawa, Vancouver, Montreal, Calgary, 
Edmonton, Halifax, Winnipeg, Quebec, Billy Bishop) through the PIK (March 2019) 
o Fingerprint Verification in Secondary to be conducted at 57 POEs by BSOs (July 31 
2018) 


Privacy considerations related to the collection and verification of biometrics have been 
addressed in other PIAs, including: 


1. PIA for the Global VAC network (IRCC) (submitted in May 2017); 

2. PIA for M5 information sharing regulations (CBSA) (submitted in June 2017} 

3. PIA for U.S. service delivery channel (IRCC) (to be updated for June 2018); 

4. PIA for in-Canada service delivery channel (IRCC) (to be updated for June 2018); 

5. PIA related to collection and verification activities under the TRBP at POEs, including LiveScan 
(CBSA)(submitted in May 2014) 

6. PIA for the Statement of Mutual Understanding of information Sharing Citizenship and 
Immigration Canada (IRCC)(November 2002) 

7. PIA for Case-By Case Immigration Information Sharing with the Migration Five (M5) Partners 
(referred to as IIS PIA) (CBSA) (submitted July 2016) 

8. PIA related to the RTID system, including secondary use of information (RCMP) 

9. PIA for Primary Inspection Kiosks (CBSA) (submitted in February 2017) 


Summary of the Biometrics Expansion initiative: 


Accurately establishing and managing identity is fundamental to the integrity of Canada's 
immigration programs and essential to ensuring the safety and security of Canadians. Biometrics 
provide a reliable and accurate means of validating and verifying identity while facilitating the 
entry of travellers for trade, commerce, study, tourism and other legitimate purposes that yield 
social and economic benefits to Canada. 
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Canada has been using biometrics to manage identity in the immigration program for over 20 
years. Biometrics have been collected from asylum claimants since 1993, visa-required temporary 


residents from 30 nationalities since December 2013 and overseas refugee resettlement 
claimants since November 2014. 


in 2013, Canada began biometric enrolment and screening for foreign nationals from 30 
nationalities in support of their temporary resident visitor visa, work permit or study permit 
applications submitted overseas to IRCC under the TRBP. The TRBP introduced fingerprint 
verification by the CBSA at secondary examination on a discretionary basis at eight international 
airports. 


In 2015, Canada and the U.S. began systematic biometric immigration information sharing where 
the fingerprints of all refugee protection claimants, overseas refugee resettlement applicants, and 
visa applicants subject to TRBP requirements are sent to the U.S., which will send back relevant 
immigration information on matches. 


International partners are increasingly relying on biometrics as part of an effective migration 
control and security framework. However, Canada's biometric requirements apply to only 2096 of 
the total visa-required population and currently there is limited authority and capacity to use 
biometrics upon arrival. These gaps leave Canada's immigration programs and border 
management vulnerable to identity fraud and prevent Canada from taking full advantage of the 
benefits that biometrics have to offer. 


Biometrics Expansion will introduce new populations for biometrics collection and introduce new 
functionality in support of both facilitation and security, including: 


e Expanding the current biometric screening and verification to all Temporary Resident Visa 
(TRV), work permit, study permit, and Temporary Resident Permit (TRP) applicants 
(excluding US nationals) and all Permanent Resident (PR) applicants—new populations; 

e The introduction of automated systematic fingerprint verification of these travelers at 
primary inspection upon arrival at eight major airports (note, this service will be offered 
at ten airports; however, eight are in scope for the project) —new facilitation location and 
process; 

e Expanding fingerprint verification at secondary examination to an additional 11 airports 
and 38 land POEs— new facilitation locations; and 

e The introduction of biometric enrolment capacity to 11 air and 38 land POEs at secondary 
examination—new facilitation process. 


Eligible Travellers 


The expansion of the program sees the concepts from TRBP expanded to all temporary resident 
visa (TRV), study and temporary resident (TR) permit applicants (excluding U.S. citizens) and 
permanent resident (PR) applicants. While Biometrics is expanding to include new populations of 
travellers, the security, technology and privacy mitigation strategies outlined in the TBRP PIA are 
still applicable and continue to support this expansion. 
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The CBSA will only be biometrically enrolling study, work and temporary resident permit 
applicants at POEs. All PR applicants will be processed by IRCC and are outside of the scope of this 
PIA. 


SECTION 2 - RISK AREA IDENTIFICATION AND CATEGORIZATION 


| Type of Program or Activity Level of Risk 


| Program or activity that does NOT involve a decision about an identifiable individual = 1 
| Administration of Programs / Activity and Services À 


| Compliance / Regulatory investigations and enforcement KE 


| Criminal investigation and enforcement / National Security 


| Details: The CBSA will collect biometric information from all visa-required persons, all persons applying for a 

| work permit, study permit, temporary resident permit or temporary resident status (excluding United States 

| nationals), and all permanent resident applicants. The CBSA will verify a Il biometrically enrolled travellers at 

| Canada’s major airports in primary using the PIK and expand fingerprint verification capacity in secondary at 

| additional ports of entry (i.e. airports and land borders). : 

| Biometric Enrolment: The CBSA will collect, using the LiveScan device in secondary, directly from the 
applicant, their biographical data and two biometrics - a digital photograph and 10 fingerprints. The | 
photograph is sent to IRCC as part of the immigration enrolment. The fingerprints are sent to the RCMP | 
RTID for a search of registered conviction and charges and biometric enrolment. Applicants at the POE | 
are limited to: work, study and temporary resi nt permits, and under limited circumstances, 
applicants for permanent resident status inth 


ad 


ec Overseas refugee n fesettie ment p 
Biometric Verification in Secondary: The CBSA will verify, ir 
biometrically enrolled travellers referred for immigration p ie ys 
secondary for fingerprint verification when identity cannot be established with certainty : at t Piman. 


Biometric Verification i in Primary: The CBSA will systematically verify, , in primary, the fingerprints 
collected by IRCC or the CBSA during time of application using the PIK. This will allow the Agency to 

erify that the traveller presenting themselves at the PIK is a biometric match to the traveller who was 
issued a permit, visa or status. Further to this, a BSO may compare the photo collected during time of 
application to the live traveller. 


| Necessity |. 


| Biometrics screening will help facilitate the entry of travellers with legitimate identities by providing a reliable. | 
| tool for identity management, both at the time of application and at the time of arrival at a port of entry. | 
| Biometrics screening also helps to keep Canadians safe. The collection and verification of biometrics, along with | 

| criminal and immigration screening and biometric-based information sharing, strengthen the integrity of 

| Canada's immigration program. This helps prevent identity fraud, identify those who pose a security risk and 

| stop known criminals from entering Canada. The verification of biometrics collected at the appli ication stage 

| permits a CBSA officer to confirm with absolute certainty that the traveller's identity is a match to their visa or 

| permit. 
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| Effectiveness - : 
| Biometrics expansion v will Permit the Government of Canada (ac) to close the gap i identified i in A the im an 
permi 
ensuring that travellers z are not tentering Canada illegally. Additionally, i it will Il provide B BSOs swith tools to o identify | 
| known criminals and prevent their entry to Canada. The use of biometric algorithms to confirm identity i is more 
| effective than the visual inspection of a passport or digital photo. The use of fingerprint verification can be 
| automated and will be used to mitigate border wait times in the air mode; verifying identity with absolute 
certainty will mitigate the need for | lengthy immigration interviews currently being conducted by! the CBSA. 


——————————————— M 


Peer y 


tt the n nation. Further, the © Ontario € Court tof Apes reaffirmed thei importance of effective border management in | 
| the R. v. Jones (2006) decision by recognizing Canada’s control over its border “as a societal interest of. : 
| sufficient importance to be characterized as a principle of fundamental justice" given that effective border 

management serves a number of crucial social interests that benefit the Canadi ian public. 


Minimal Intrusiveness | | 
_ The CBSA has examined less privacy-intrusive measures, including status o quo and technological solutio 


em countries and one territory to provide - 

jility to verify the identity with absolute certainty as | 
ities to collect biometrics from this new population — 
enrolment at POE, provides the GC with a reliable © 
dos while db the e entry ofti d for trade, o 


E Status C Muo status q que Met TRBP, which includes : 


| Technological Solutions 


Biometric Enrolment: The Agency currently has LiveScan devices deployed. across the country. Biometrics 
a uu introduces a a! new y workflow called aber which will be used to conduct a biometric | 


| nid y: The Agency y currently has multiple verification devices deployed a across 
ib the country. Biometrics Expansion introduces new work locations, all in secondary Arcs te, where 


| Biometric decus in Primary: -The e CBSA will systematically verify, in primary, the fingerprints collected: 
| IRCC or the CBSA during time of application using the PIK. The PIKs are existing kiosks; 
| are new tech nology which will be procured by Airport Authorities. 


the verification devices 


| Type of Personal Information Involved and Context > Med of Risk 


| Only personal information, with no contextual sensitivities, collected directly from the [| 1 
- individual or provided with the consent of the individual for disclosure under an authorized 
| program. 


| Sensitive personal information, including detailed profiles, allegations or suspicions, bodily 
| samples and/or the context surrounding the personal information is particularly sensitive. 


| | Biometric Enrolment: Biograpt 
| their travel document, having their live photograph captured and by having their fingerprints captured. All of. 
| this information is captured in the LiveScan device using the “Immigration” workflow and sent to IRCC and the 


| biometrics collected by the Agency are er 
: management and information security requirements. All biometric collection devices (both enrolment and 

| verification) are certified for use by the RCMP. 

| As stated in the PIK PIA, at notime will the Aiport Authorities have access to the information collected by the 
CBSA. p 

| mo n for the data oe is provided by Shared Services Canada (SSC). At no time wi i SSC C have 


Canada Border Services Agency 


Biometrics Expansion | PIA 


LCD LL CAO SS 8 


| Personal informat ion, with no contextual sensitivities after the time of collection, provided by D] 2 
| the individual with consent to also use personal information held by another source. 


| Social Insurance Number, medical, financial or other sensitive personal information and/or the 3 
| context surrounding the personal information is sensitive. Personal information of minors or 
| incompetent individuals or involving a representative acting on behalf of the individual. 


Details: 


ical information and biometrics are provided directly by the traveller, by: scanning 


RCMP (fingerprints only). Specific elements of Biographic Data Entry include: Name, Alias, Sex, Date of Birth and 


| 
| 


| 


Country of Birth. Specific Biometric Data Elements include: Digital photograph is sent to IRCC; fingerprints are 


ie and are sent to the RC MP and a one-to-many search is conc en in 1 RTID. 


and sos transmitted: to the RCMP Por a 11 to 1 1 verifi cation in RTII D. 


_ Biometric Verification in Primary: Fingerprints are captured. using. the certified. fingerprint v verification device | 
| and securely transmitted to ) the RC MP foraitol verification i in RTID. | 


€ —————————————————— ——Á—Á———— M —— I RL OOO EEE ATO ELE EE CHOTA 


| itv. A b am Level Agreement (SLA) v wa: RCV 
Be relationship t between the CBSA and the RCMP asit pertains: to the RTI D J database and service e andad: All 


crypted and adhere to both CBSA and RCMP information 
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One time program or activity [11 
Typically involves offering a one-time support measure in the form of a grant payment as a social support 
mechanism. 


: Short-£erm program | ]2 


A program or activity that supports a short-term goal with an established “sunset” date, 


Long-term program 


Existing g program that has been modified or is established with no clear "sunset". 


| Details: Thee expansion of biometrics collection is a priority for the GC; it was announced in the 2015 5 Budget - 
_ Implementation Act (BIA) and subsequent regulations through pre-publication in the Canada Gazet 


tte Volume |, 


| implementation of the project will automate administrative tasks, freeing up CBSA officers to focus on 
judgement-based decision-making and enforcement activities at the POE. Canada's reputation as a leader in 

| border security will be strengthened as the Agency continues to prevent immigration fraud and illegal entry to 
| Canada. 


ie temporary resident | permití or inti. y resident. st 
resi ident applicants. 


| Technology and Privacy 


6.1 Does the new or waited program or activity involve the implementation of a new electronic — YES 
| system, software or application program including collaborative software (or groupware} that _ le 
is implemented to support the program or activity in terms of the creation, collection or 
handling of personal information? 


6.2. Does the new or modified program or activity n require any modificatiats to IT legacy systems Dx] YES 
and / or services? | [ ]No 


| &3 Does the new or modifed program or activity involve the implementation " one or more of 
| the following technologies: 


6.3.1 Enhanced identification methods: YES 
This includes biometric technology (i.e. facial recognition, gait analysis, iris scan, | NO 
fingerprint analysis, voice print, radio frequency identification (RFID), etc...) as well as easy - 
pass technology, new identification cards including magnetic stripe cards, "smart cards" 

(i.e. identification cards that are embedded with either an antenna or a contact pad that 
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6.3.2 


is connected to a microprocessor and a memory chip or only a memory chip with non- 
progran mable logic). 


Use of alice 


This includes surveillance technologies such as audio/video recording devices, thermal 


imaging, recognition devices, RFID, surreptitious surveillance / interception, computer 
aided monitoring including audit trails, satellite surveillance etc. 


Use of automated personal informarion analysis, personal information matching and 
knowledge discovery techniques: 


For the purposes of the Directive on PIA, CBSA is to identify those activities that involve 


the use of automated technology to analyze, create, compare, cull, identify or extract 
personal information elements. Such activities would include personal information 


PIA 


ves 
NO 


AS YES 


no 


matching, record linkage, personal information mining, personal information comparison, 


knowledge discovery, information filtering or analysis. Such activities involve some form 


of artificial intelligence and/or machine learning to uncover knowledge (intelligence), 
trends/patterns or to predict behaviour. 


The personal information is used \ wi vithin a closed system. 


No connections to Internet, Intranet or any other system. Circulation of hardcopy 
documents i is controlled. 


The personal information is trehsfensd to a portable device c or is printed. 


USB key, CD-ROM, laptop computer, any transfer of the personal information to a 
different medium. 


Level of Risk 


p Details: All personal information and biometrics v wil All be used within a closed system which has c connections to at at 


| least one other system. Information will not be transferred to any portable devices, however, the printing of 


| forms is permissible. 
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| Biometric Enrolment: The CBSA official « can print forms associated with the application; - however, this would _ a 
| not be standard practice. Should an officer decided to print a non-mandatory form, the form would be stored in | 
| accordance with the Agency's security and record retention policies. e 
| Biometric Verification in Secondary/Primary: There is no printing of information concerning fingerprint 

| verification results. The verification results from the RCMP will not be | included i in the PIK receipt. 


Managerial harm. | “rit 1 
Processes must be reviewed, tools must be changed, change in provider / partner. 


- Organizational harm. Be 
Changes to the organizational structure, changes to the organizations decision-making 
structure, changes to the distribution of responsibilities and accountabilities, changes to 
the program activity architecture, departure of employees, reallocation of HR resources. 


Financial harm. 3 
: Lawsuit, additional moneys required reallocation of financial resources. 


Reputation harm, embarrassment, loss of credibility. 
Decreased confidence by the public, elected officials under the spotlight, institution 
strategic outcome compromised, government priority compromised, impact on the GC 
Outcome a areas. 
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regarding t the CBSA's sabia to respocsibly y hà ndle p pe ersonal. 
xe Given the a safeguards] in place this is unlikely. A Critical Security Assessment Report (CSAR) has 
been conducted by CBSA IT Security; it will be finalized in advance of Coming-Into-Force of the project. 
Preliminary assessments show no indication of any security issues which would prevent the project from 
movi ving forward as planned. 


| Physica harm. 
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: Details: In the event of a breach of personal information collected and transmitted by the CBSA, there could be 
the possibility of identity theft for the individual. Again, the Service Level Agreement, initiative design, systems 
architecture and configuration requirements provide an adequate level of protection to mitigate this risk. 
| Personal data is stored in multiple locations (systems) and using a variety of security measures. A security 

| breach would not reveal an entire biometric collection file as it pertains to an n individual applicant. 
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Category Of 
' Personal Information 


1 
El 
| 
3 à 
3 y 
1 
1 
3 
El 


| | Biographic 
| Information 


Passport/Travel | 
| Document | 


_ Information j Information 


|! Biometric 
Information 


Fingerprints 


Canada Border Services Agency 


The following table lists the personal information elements collected, used, disclosed ar and retained v via the biometric en 
Personal Information 
Element 


eee PPM 


Passport/Travel 
Document 


j PIA 


SECTION 3. ANALYSIS OF PERSONAL INFORMATION ELEMENTS 


Personal Information Bank — Biometrics Expansion Program 


Personal information 
Sub-Element 


Format 
Source 


| Derived from the 
| client’s passport 


| Last name | Electronic 
First name - 


| Middle initial | 


: Electronic 


| Derived from the 
| client's passport 


Day of birth 
| Month of birth 
| Year of birth 


| Electronic | Derived hon fhe 


| dient’ s passport 


| : Electronic 
E 


| Derived from the 
| client's passport 


rolimenti information flow. _ 


Purpose 1 Necessity - 


- of namie 


| To document border c crossing; ;; Identify travellers in existing CBSA information holdings a 
| assess admissibility. 


| To document border crossing; identify travellers in existing CBSA i information holdings and 


| assess admissibility. 


AA A A AA me e r: T: A tata Lis 


o To doemen bsidere crossing; identify travellers ir in e existing CBSA information Holdings and 
| assess admissibility. 


Derived from the 
client’ 5 passport 


Élecrénie Derived during the 
| application process 


| | Direct collection of 
| fingerprints at POE 


| Fingerprints | | Electronic 


| Location fingerprints collected 
| Date 
| Authority to collect 


| Age | 


| To document border : crossing; identify travellers in existing CBSA information holdings and - 
| assess admissibility. 


AAAA LLL LL CO lil 


assess ss admissibility. 


TRS A A GI a A A A ATTIE TT TT A ah à à 0 0 à ASSAI EA SESTA ENE SIS AAA ee 


To fix the applicant’ s biometric identity, authenticate identity and determine admissibility 
through a one to many query of the RID database. 


Biometrics Expansion | PIA 


Biometric | Digital Photograph Digital Photograph | | Electronic | Direct collection of | To compare photograph with the photograph o on nthe passport submitted in ee of | 
information j i | | photograph at POE | application. In future, this photograph will allow the CBSA to confirm identity as it pertains | 
i j to the permit application. 


CA TES ES RAPERE E 


¡ ingerprints only and — | Fingerprints and tnmistatton ID Electronic | CBSA / A | Data to enable accurate storage and/or to be used for a one to one identity verification. 
Immigration ID Number— | Number—!1D : 


| Fingerprint Assessment Fingerprint | Response sent to CBSA from RCMP | Éerlronic RCMP | To establish biometric identity, authenticate identity and determine whether applicants 
Results from RCMP | Assessment Results 2 following one-to-one verification: — **senerated by | meet admissibility requirements under /RPA at time of application and at POE. | 
| |* Match; or | RCMP systems | | 
| + No match; or | | j 
| le Unable to certify (low quality 
| prints); or 
j i e File number not found (Le., ID | 
| | number) | 


| Fingerprints 8 &related — 
_ biographical data sent 
| to the RCMP 


mu he E nen eS : A——— 


| Information sent to E copy of the applicant's | Electronic | IRCC To estátilish penere Identity, adthenticate identity and determine whether apalane 
i 


| CBSA once a positive | | | photograph and tombstone data | **partially collected | meet admissibility requirements under IRPA at time of application and at POE. 
| decision is rendered on | | Document Number | from applicant or : 


| an application by IRCC — | Fingerprint indicator | generated by RCMP 
| | | The results of the fingerprint search systems and IRCC - | 
and the assessment j Processing officers | | - 


an Me ME D TM RH EU PARRA PARAT AR taa PI decane anlarntoattaateanae 


a OAR EEC OEE EERE A M P à TO ARAM Annan niii ano vee are a Aaa i t x — —M LOL ADDED ADI AAA AAA A tt OS ici PAI AI NN rs iii 


; F TERM 
Category Of dg Personal Information Personal Information 


| Personal: information | Element Sub Flament 


| RE Purpose / Necessity | 
of Element - 


pow Name : | Last name | Electronic Derived from the | To document baraer crossing; identify travellers | in existing CBSA information holdings and 
Information | First name : client's passport | assess admissibility. 


E Middle initial | 


————————M—Ó——M ges UU E T E AEE I RTT US a O UA M MM TE, d arannana r A NNI MEN T ENTE EIEEE OE ET eM NCC AA ln aa RARE RUN ve RS Se RH 
| 
| 


Day of birth Electronic : Derived from thé | To document border crossing; identify travellers à in y existing CBSA information holdings and 
Month of birth | client's passport | assess admissibility. 


IE Year of birth e | 
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| Gender. | Male/Female/Gender x 
i PA — "Weed | "T : Reape A 
— —— — —— mneee 
. Citizenship 
TENERE: SS Saree ee 
| Passport/Travel | Passport/Travel | 
| Document | Document | 
Information _ Information | 
Biometric | Fingerprints | | Fingerprints 


information 


: Biometric 
; information 


| Fingerprints & related 
_ biographical data sent 
| to the RCMP 


| Results from RCMP 


- Information sent to 
CBSA once a positive 
decision is rendered on 
an application by IRCC 


Fin g e r pri ^ t psum Vm 


RR 


| Fingerprints only and 
| Immigration ID Number | 
: [ID 


: Fingerprint 
| Assessment Results 


YU DM Er MMC 


| Location/Date/Reason for 


| | Fingerprints years of age and older.) | 


€— ene 


| | Digi ital Photograph 


| Fingerprints md immigration ID 
| Number—liD 


Response sent to CBSA from RCMP 


following one-to-one verification: 

e Match; or 

* Nomatch; or 

+ Unable to certify (low quality 
prints); or 

« File number not found (Le., 
number) 


HD 


A copy of the applicant's 

| photograph and tombstone data 
| Document Number 

j Fingerprint indicator 


| The results of the fingerprint search | 


| and the assessment 
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| Electronic: 


| Electronic 


Electronic 


D AREA RARE HMM ARRA 


(To don border crossing; identify travellers in Existing CBSA information holdings arid 


| Derived from the 
| client's passport. 


eer — 


| Electronic | | Derived from the 
| client's passport. | assess 
+ 


assess admissibility. 


————————————— Ate 


admissibility. 


| Derived from the 


| client 5 passport E assess admissibility. 


Derived during he 


application process 255855 admissibility. 


Direct collection of 
fingerprints at POE 
for verification 
indirect collection of 
photograph collected 
from IRCC or. CBSA 


| Electronic 


 Mngerprints under the application process and arrives at a POE, 


ERR MASA A Romane et ——M nin nnn RRR RARER sante 


| Electronic 
| D Visa application. 


i Electronte 


| Electronic 


**generated by meet admissibility requirements under /RPA at time of application and at POE. 


RCMP systems 


; Electronic ij To establish biometric identity, authenticate identity ard determine whether applicants 
| | **partially collected | meet admissibility requirements under IRPA at time of application and at POE. 

| from applicant or | 

| generated by RCMP 
systems and IROC —— 
| processing officers | 


PARMAR IAA de e e esie eere re seien t t AABAA s t ti A i ettet LOE ETE ES toii A en A e AR RAN n RAA A A manne eee 


(To docu ment border crossing; identity travellers i in existing CBSA Information holdings ana 


te document border crossing: identify travellers ir in the CBSA information holdings and 


| To document border crossing; identify travellers in | existing CBSA information holdings and 


EEE EEE NII ARRET DL A AA AAA APACE TUNA aa aaa AD AAAA AAAA AAAA nm ne nn ee D RAD RADAR IDR AS ARR AAAA dd nent du aa aa maman La à 


: To fix the applicant's biometric identity, authenticate identity and determine admissibility 
| through: one to one RTID verification match of an applicant who has previously submitted 


| To establish biometric ic identity, authenticate identity and determine whether a applicants — 
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RRE 


| Where Paano are not being used t to > confirm identi ~~ as it perteinst to the permit or 


f 
H 
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Biometric Verification at PIK 


The following table lists the personal information elements collected, used, disclosed and retained v via the verification at PIK information flow. | 


Category of 


| Personal Information 


j | Biographic 
Information 


| Province/Country 


Information 


Biometric 


A POIT AATAL E EEES —P—————————— — ————— AAAA 


| Citizenship a 
Nationality 


Purpose of Trip 


Visual Image 


Personal Information. 


m TUE m 


| Gender | 


f 
| 


Citizenship / 
Nationality 


[pM--—————————————————M——— 


AAA i x Ri e e e e e e RI 
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UY 
| 
| 


| Partial Address 


Personal Information — 


Purpose I Necessity m 


Wc NM _Sub-Element — MMC NUM C A LLL, Element — | 
| Lastn name Electronic | Derived from the E. To document border crossing: identify travellers] in existing CBSA iriforthation Holdings and 
| First name | | travel document at assess admissibility. | 
[iei E | i TA i 
| Middle initials | mene | | 
| Day of birth | | Electronic F “Derived from the | To identify travellers in existing CBSA information holdings anda assess admissibility. 
| Year of birth o 


| Male/Female/Gender x “Flectronié. | Derived fom — To o Identify Travellers in existing CBSA intormatión holdings and assess admissibility. | 
| travel document i 

nn cu RC METTRE dd es 0 Lo RS uta ait desserts end umi. rie up, TEES UNE IRR ne We 

| Country. | Electronic | Traveller data entry To s document border crossing; ; identify bravellevsd in existing CBSA information betdihias and | 
| Province (for residents of Canada) | at kiosk | assess admissibility. Place of residence is also used to determine which additional customs | 
| | related questions are aske a traveller (i.e., defines resident vs. non-resident). | 

| State (for residents of the U.S.) y RARES G asked toa t rie, defines resida pne | 


| Visual image of the traveller, taken. Electronic. loto capture at die. | To authenticate that the client in front of the kiosk corresponds with the individual's phictà 


AZ 


| by the kiosk. | kiosk | embedded in the chip of their ePassport chip (for the clients that have this feature in their 
| | passport). For all clients, the photo will be printed on the kiosk receipt as a means of 


; (Note: visual images are only 
| captured for travellers that are 14 
| years of age and older.) 


| 


m 
E 
| 


| | connecting the individual(s) with their declaration throughout the rest of the CBSA service 
area. CBSA officers will manually authenticate that the individual(s) presenting the receipt — | 
are those featured in the photos. This will improve traveller flow, strengthen travellers' | 


i | identity reconciliation, and limit internal conspiracy issues such as receipt / declaration 
| | swapping by individuals trying to circumvent referral to and examination at Secondary. 


$ 


i | Derived Fram the 
travel document at 


Citizenship 1 nationality of traveller | Electronic. | To docu ment border crossing, identity avellergi in existing CBSA information holdings and 


| assess admissibility. 


| | the kiosk | i | 

E Personal DURUM | üecronc | Traveller da dita kenne | To ree adimissibility of foren rational trà travéllers: MEM EM E 
Study | i at kiosk | | 

Work or Employment | | | 
FRERE seme o A A | 
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| 
Travel Document 


Information (may 
be their Passport) 


| Biometric. 


| information 


| Fingerprint Assessment 
| Results from RCMP 


| Customs and OGD 
; Related Questions 


————————————— tt 


| Duration of stay in 


| Canada | 


| Travel Document 
| | Information 


| Fingerprints 


| Fingerprint. 


| Assessment Results 


| Declaration 
questions 


| Duration of stay in 
| Canada 


| Electronic 


; | Document Cou ntry of issuance 
| Document expiration date | 
À Public Key Directory (PKD) - | 


Response sent to CBSA from R RCMP 

following one-to-one verification: 

* Match; or 

+ No match; or 

e Unable to certify (low quality 
prints}; or 

e File number not found (i.e., IID 
number). 


Declaration questions related to: 
| 1) Firearms or other weapons 
| 2) Commercial goods 
| 3) Food, plant or animals 
4) Currency (more than $10,000) 
5) Unaccompanied goods 


destined to a farm in Canada 


: Declaration related to personal 

| exemption (returning residents) and 

: allowance (visitors); and value of 

| goods for travellers indicating they _ 
| exceeded their exemption limit. - 


6) Visit to a farm abroad and | 
| 
| 
| 
| 


| Duration of stay in Canada 


| Electronic 


| Electronic 


MER ARR SR RANA RIA RR RARI RSS EDIE A ceat pepe a ee e tente RR SIR ht ek kt IR Et Ra tt 


“Electronic 


(| Electronic 


Derived from the 
travel document 


: Direct collection u 


| fingerprints at POE 
: for verification 


| RCMP 


| **generated by 


H 
H 
E 
i 
i 
E 
i 
i 
1 


| Traveller data entry 


| RCMP systems 


Traveller data entry 


at kiosk 


| To document border crossing; ; identity travellers in existing CBSA information holdings and 
| assess admissibility; to verify the validity and authentication of the travel document. in the 
| past, a CBSA officer would manually verify the travel document; through PIK, the kiosk will 


| conduct these tasks, validating the document against PKD information. 


| To fix the applicant’ s biometric identity, authenticate identity and determine admissibility = 


| through: one to one RTID verification match of an applicant who has previously submitted 
| a ad the d proces: and arrives at a POE. 


communicated to the traveller by the PIK. 


f at kiosk | 
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i “To establish biometrie a authenticate identity à and veris whether applicans 
meet admissibility requirements under IRPA at time of application and at POE. Note, the 
fingerprint assessment response from the RCMP is never, under any circumstance, 


To assess duties and taxes; to assess goods admissibility, 


Biometrics SHENBADSIUR j| 


| Duration of stay | Duration of absence fron Canada Electronic | | Traveller data entry To assess traveller exemption allowance for Canadian residents 
| at kiosk 


| Duration of stay 


| outside of Canada. da outside of Canada 
- NITE —— iS —————— NEUE EN Mi sere ere e Ross es RINT SERAN T esie eec re PEE ce us PARRA 
“Signature | Electronic Signature | Physical natos re e replaced Los on- Electronic | Traveller data entry | Validation af the information provided. 
| | | screen confirmation that the | at kiosk e 
| | declaration is true, accurate and | 
| | complete. | 
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CBSA - Released under the Access to Information Act 
ASFC - Divulgation en vertu de la loi sur l'Accès à l'information. 


CBSA - Released under the Access to Information Act 
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| sect ION 4 - FLOW OF PERSONAL INFORMATION 
E Data Flow Model - Diagram 


Diagram 1 — Biometric Enrolment at Secondary 


Start: A traveller who is eligible makes an application at a POE for a 
study or work permit or requires a TRP to overcome their inadmissibility. 


in all automated POEs, select information received from GCMS will be 
available to CBSA BSOs at the primary inspection (PIL) line in order to 
make an admissibility decision. The CBSA BSOs may make a visual 


— É ai voti e es E Submissiot 3. lípdat gt frecord (GC MS d 
comparison of the applicant and the passport photograph to make submission pni Bn Mn elo s eu 

ns mats uM ; å POMA Etre 
decisions about entry into Canada. If the traveller is admissible but nn en 4 Submit RCMP enrolment rediest store 

. — ete th "TEN OS -"— TNT f recor | fingerprints, search fingerprint repas tones, | 
requires a study or work permit, they will be referred to secondary for applic ation PRA LB bee: «aniy finge print matches 
biometric enrolment. If the traveller is inadmissible to Canada but may NN : Management 5. Notify IRCC of ting erprintse arch results 
Application SKK NE LN LL V iablat 6. Update system of record with fingerprint 


overcome their inadmissibility through a TRP, they will be referred to 
secondary for biometric enrolment. The decision that the traveller is 
eligible is based on the following elements: 


» A copy of the applicant's photograph and tombstone data as 
presented in their travel document 


Once in the Secondary Examination Area the traveller will have their 
fingerprints and photo taken as part of their biometric enrolment. These 
fingerprints, will be sent directly from CBSA to the RCMP for a one-to- 
many query against the RTID fingerprint database held by the RCMP. 


* The BSO will open the application in GCMS and can then begin 
biometrics collection. 

1. The traveler will begin enrolment at the LiveScan device which 
will capture select biographic fields which are auto-populated 
from GCMS in addition to the traveller's digital photograph and 
10 fingerprints. 
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2. Once the biometric data is collected, it will be securely transmitted to the process solution. The fingerprints and the associated biographical data will be subsequently forwarded to the 
RCMP RTID system via a secure transmission. 

3. The RCMP will conduct a search in the RCMP RTID system against records of previous deportees, refugee claimants, previous TR/PR applicants and criminal records (Canadian or foreign 
records held by the RCMP in the RTID Criminal Data Base) to determine if there are any matches to the collected fingerprints. The RCMP RTID system will store the digital fingerprints 
and associated biographical data received and then perform a search in the RTID system. The RCMP RTID system will return a response to the CBSA LiveScan device. 

4. GCMS will populate the biographical data sent by the process solution. 

5. The digital photograph however will only be forwarded to CBSA's e-storage once the BSO renders a decision on the traveller's application, where it will be available for future use by 
CBSA and IRCC. See Verification Diagram for more information on e-storage. 

6. The LiveScan device will receive an SRE from the RCMP RTID system and relay the information to GCMS through Canadian Immigration Biometric Identification Systems (CBIDS). 


The LiveScan will also record and transmit event logs to the process solution relating to each collection activity (e.g., log-ins, sessions opened, sessions cancelled, data captured, etc.), where 
they will be made available for oversight, reporting and monitoring purposes by CBSA. 


The BSO makes final decision at POE based on the applicant's biometric data, the results from the RCMP as well as any other required documents and/or available data. At any point in the 
enrolment process, there are no fingerprints stored electronically by the CBSA. If an error message is received from the RCMP about the transmission of fingerprints, the BSO will troubleshoot 
the error. 


The regulations include a discretionary authority for CBSA officers to exempt the biometric enrolment requirement for travellers in exceptional circumstances (i.e. system outage, urgent need, 
etc.) when the officer is confident in the applicant's identity. In such cases the BSO will revert to existing procedures to make the admissibility determination and the traveller will be 
biometrically enrolled at the next encounter (if biometric enrolment is still required). 
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Diagram 2 — Biometric Verification in Primary and Secondary 
Start: Registration of the applicant's biographical information vía scanning the Machine Readable Zone (MRZ) information strip on a passport or travel document (or manually entering the 
biographical data if an MRZ travel document is not available). 


Traveller Processing CBSA PPU 1101 En " | 
Temporary Resident Biometrics Program CBSA PPU 1203 neg NE ig Bp PA CURE 
betur NON BIOMETRIC PROCESSING Photo Verification 

1. At the Primary Inspection Line (PIL) in all automated POEs, select information P diu t. Scan/enter travel document 
received from IPIL will be available to CBSA BSOs in order to make an idua | 2. bopt Aera NM 
admissibility decision. atPOE ——C es ae 

: | ; : Pd 3. Display photo for manual 

2. IPIL sends a request to TBID to retrieve the biometric photo. un HE verification 

3. The CBSA BSOs may make a visual comparison of the applicant and the travel eee ‘| BIOMETRIC PROCESSING 
passport photograph with the photograph from TBID (displayed in the ey T 

NES A pe T ^ Admissibility > travel Secondary gs | CS 

Secondary Query, SPPH) to make decisions regarding entry into Canada. Verification i| document Query Fingerprint Verification 

4. At PIK enabled POEs biometrically enrolled travellers will be prompted to have — $ O. | 4. Capture fingerprints | 
their fingerprints taken for the purposes of identity verification. At both PIK and PIRE TA Í — «t$ T | | ». Send fingerprints to RCMP | 
non-PIK POEs, biometrically enrolled travellers may be referred to a Secondary i iD qecsen PK Query fingerprint match | uu E | 
Examination Area based on an inconclusive admissibility. decision or for other T i 0 | , request | (Secondary Flow - 30 
immigration processing or admissibility purposes. Once in the Secondary 7 i - seconds) 

Entry ; 6. Send fingerprints to RCMP 

admissibility assessment portion of the examination. url d nm 

5. The SPPH system will send these fingerprints, along with their IID, directly from : (Primary E = 10 second | 
CBSA to the RCMP for a 1:1 verification process against the fingerprints the ! response time} 
applicant previously provided at the time of collection. Upon receiving the o 


or unable to auto certify response (i.e., 1:1 match 

6. The PIK sends these fingerprints, along with their IID, directly from CBSA to the RCMP for a 1:1 verification process against the fingerprints the applicant previously provided at the time 
of collection. Upon receiving the fingerprints from CBSA, the RTID system will verify them against those taken previously at the time of collection for verification of an applicant's identity 
and provide a match, no match or unable to auto certify response (i.e. 1:1 match). The PIK service will then use the fingerprint verification result to inform a release (grant entry) or 
referral decision based on the PIK referral logic matrix. 


The BSO makes a final decision at POE based on the applicant's biometric data, the results from the RCMP as well as any other required documents and/or available data. At any point in the 
verification process, there are no fingerprints stored by CBSA. If an error message is received from the RCMP about the transmission of fingerprints, the BSO will use existing tools to verify 
identity or where possible, will troubleshoot the error. 

In the event that the verification equipment and/or system is malfunctioning, the BSO will revert to existing procedures to make the admissibility determination (Non 
Biometric Processing). 
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Diagram 3 — Biometric Verification in Primary at a PIK (detailed) 
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Start: A traveller makes an application at PIL for entry to Canada using a PIK by presenting their travel document. If an IID is on-file 
and the traveller is biometrically enrolled, the kiosk will prompt the traveller for fingerprint verification. CBSA — B2B Web 
Service Gateway 


(B2B-WSG) 


1. Collect biometrics (biographic, photo, and fingerprint biometric) via PIK device. 

. Kiosk submits encrypted fingerprint (NIST) package to CBSA over secure channel to the B2B Web Service Gateway (B2B-WSG). 
. CBSA Web Service Gateway forwards the request to the CBSA PIK Service. 

. CBSA PIK Service retrieves the unique ID (11D) for previously enrolled traveller stored in the TBID database. p a 

. TBID returns the unique identifier for the biometrically enrolled traveller to the PIK Service. Kiosk 

. CBSA PIK Service invokes the Biometric Verification Hub (VHub) with the NIST package and IID. 

7. VHub enhances the NIST package with the CBSA agency identifiers and makes a request to the B2B Datapower Gateway service to CBSA — PIK Service & — 
invoke the RCMP query. Verification Hub i we CBSA — PIK Service 
(Vhub) — eT 


c vt Bw N 


8. CBSA B2B-DPG submits NIST package via encrypted channel to RCMP for 1:1 verification. i | | i 
9. RCMP will respond to the CBSA B2B-DPG over the encrypted channel to provide the verification search results to the CBSA. Le | : foa br a | du = 
10. The CBSA B2B-DPG will provide the RCMP results back to the VHub service. Mee o Meet WE | NS au 


11. The VHub service will deliver the RCMP results to the PIK Service where the results will be stored in anticipation of a completed CRSA — B2B CBSA — Traveller 


session at the Kiosk. Datapower Gateway Biometric Identifier 
12. When the traveller completes their Kiosk session, the declaration will be sent to the CBSA B2B-WSG.  (B2B-DPG) Database (TBID) 
13. The CBSA B2B-WSG will deliver the verified request to the PIK Service. | . mms 

14. The CBSA PIK Service will process the declaration, and factor the RCMP results into the referral logic and create an immigration 


© 


MN "y PU 
referral if a non-match, inconclusive, or technical error is encountered. The PIK Service will deliver the PIK Receipt back to the B2B- RCMP — Real Time 
WSG. identification System 
15. The CBSA B2B-WSG delivers the PIK Receipt to the Kiosk, where it will be printed and the Traveller can collect it and present it to (RUD) 
the Podium Officer who may direct to Referral Officer, Secondary Officer, or release the traveller. 


The BSO makes a final decision at POE based on the applicant's biometric data, the results from the RCMP as well as any other required documents and/or available data. At 
any point in the verification process, there are no fingerprints stored by CBSA or by the PIK. There are no fingerprint verification results printed on the PIK receipt. If an error 
message is received from the RCMP about the transmission of fingerprints, the BSO will use existing tools to identify identity or where possible, will troubleshoot the error. 

In the event that the PIK is malfunctioning, the BSO will revert to existing Primary Processing procedures to make the admissibility determination; biometric processing would 
remain available in Secondary Examination. 
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4.2 Data Flow Model - Table 


| SOURCE 
| 
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- “CBSA Information Holdings 


| information Holdings 


| The individual ora representative 


| Royal Canadian Mounted Police 


LOCC EEOC CCR 


IDE NTIEY THE SOURCE 


AAA 


Traveller 


| CBSA Information holdings suchas: 

| * Integrated Customs System {ICS}: A common platform 

| for managing authorized and authenticated access to 
the CBSA systems: 

o PIK Service - that handles the orchestration 
and coordination of primary processing for | 
each traveller using the self-service Kiosk | 
option. 

o Secondary Processing and Passage History 1 
(SPPH) to store traveller encounters, including | 
declaration data, referral codes, previous | 
fingerprint verification results, and | 
examination results. 

o Passenger Information System (PAXIS) to 
retrieve passenger and flight information 
through the Advance Passenger Information 
(API) — CBSA PPU 008, 


|* Integrated Custom Enforcement System (ICES) — 
| PPU 016. Data from the following programs is 
accessed through ICES: 
o Criminal Investigation Program — CBSA PPU 
1402; and 
o Intelligence Program — CBSA PPU 035. 


le Interdiction and Border Alert System (IBAS). Data from | 
| the following programs/systems is retrieved through 1 
IBAS: | 
o immigration investigations Program — CBSA 
PPU 1403 
o Enforcement Information Index System (EIIS) — 
CBSA PPU 025 
o Document Integrity Program — CBSA PPU 1404 
The Lost Stolen Fraudulent Document (LSFD). 
*immigration related data is retrieved from 
Global Case Management System (GCMS) 
| through IBAS — =< < | 
A subset il Wants and Warrants from Canadiar ian Police 


‘CBSA 
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4,3 Internal Use and Disclosure 


Program | Personal information ba nk 


| Secondary Processing | Traveller Processing PIB - CBSA PPU 1101. 


4.4 External Use and Disclosure 


REESE Ena TON 


“The individual o ora representative | 


H 


A federal government institution RCG, as per the terms of the PIBs 
| e Visitor Case File: CIC PPU 055 


e Foreign Student Records and Case File: CIC PPU 
- 051 

| | e Temporary Worker Records and Case File: CIC 

| | PPU 054 

œ Overseas Immigration Case Files: CIC PPU 039 — 


d 


- Provincial Government | No systematic disclosures; any disclosures would be 
0 pursuant to Section 8(2) of the Privacy Act and/or Section 
| 107 of the Customs Act 


deceeeeeeeeeeeeees €————''——————————————————— ''—————————————————ÁÁMÁ—M9——————— A E 


- Municipal Government | No systematic disclosures; any disclosures would be 
| pursuant to 8(2) of the Privacy Act and/or Section 107 of 
0 the Customs Act 


Donee ————————— A 


| No systematic d disélésures: any disclosures would be 


| pursuant to 8(2) of the Privacy Act and/or Section 107 of | 


| the Customs Act | 
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- Organization of a Foreign State | M5 Partner (U.5., U.K., AUS, and NZ) 
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International Organization | No systematic disclosures; any disclosures would be 
| pursuant to 8(2) of the Privacy Act and/or Section 107 of 
| the Customs Act 


Private Sector 


- Located in Canada and Canadian | None 
Owned : 


- Located i in Canada and Foreign Owned None 
- Located abroad and Canadian Owned | None 


Located abroad and Forei ign Owned | | None 


The following section examines privacy compliance (at a high level) for the transparency of the disclosure of 
information, as included in this project The disclosure of information to any other government departments, 
per existing agreements, is not further explored in this PIA, as there are no changes to the established 
processes. 
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4.5 Retention / Storage 


| À federal government institution RCMP 
| IRCC 
2 


À Federal Records Centre. N/A 
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i m in Canada and Canadian Owned | — 

- Located la Canada ar and Foreign Owned o 

- Located abroad ar and ¡Canadian Owned | mE | _ 
NE” indi iuh snd Foreign O Owned is EN cup ERE E T 


“Identify Groups o or r Areas fo or r Divisions | Positions who have a access or use the a Geographical Location. 
| Personal information (where appropriate) | | 
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The CBSA responsible e for p program or Faciam 
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CBSA Programs | | Approximately 25- 50 staff members 


CBSA Information, Science ad | Approximately 20-25 staff members in | National Capital Region | 
Technology a production support role, responsible | | 
for receiving incidents and requests | | 

from end-users, analyzing these and | | 

either responding to the end user - 

| With a solution or escalating it to the | | 

| other IT teams. These teams may : 

include developers, system engineers | 
and database administrators handling | 
system issues | 


E 


“CBSA Operations Approximately 4500 staff members m All Ports ofE Entry 
, including Border Services Officers, _ 


including Border S petuo bees ei 
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E Tinems/students, s | Tm pemusdem | — — ^ — m 


Chiefs of Ope rations 


E 
s 
. | 


i H 


| 
| CBSA Recourse |! Approximately 25- 30 staff mem bers: T National Capital Region 
| | handling recourse and appeals | | and Regional Offices 


| Other federal government Institution tesponsible for program or activity: 
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| | Statistics Canada | StatCan estimates access is limited to | National Capital 
| 50 staff members, including scanning Region | 
clerks and statisticians. No biometric | : 
information i is s shared | 
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| SECTION 5 - PRIVACY COMPLIANCE ANALYSIS 


| Has a legal authority been identified for the collection of personal information for this program or activity? 


1.1 ha TEN the legal authority and briefly explain its connection to the program or activity or how it | 
| permits the collection of the personal information: 
| 


near SA ERAN AAA RANA AAA BA AA AB PAPA A Att NAY IIIS A PPP PVT i vesci eat e — E ETE 


Legal authority for the collection of biometrics (digital photograph and fingerprints] is is derived 
from the e migration a and dud Protection Regulations f APR 
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| Yes 


| 1.2 A h is the personal ir information collected d directly re related to an voperating program or activity? 
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No 
E 3 E If there is no legal authority for the collection of personal information, it cannot be collected. Please 
consult your legal advisor to determine if there is authority to proceed with the program or activity. 
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Bp Necessity to Collect Personal mřormation 
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| 
— 
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Is each element and sub-element of personal information collected or to be collected necessary to 
administer the program or activity? 


YES 
[X] Ensure that all personal information necessary to administer the program or activity is listed in the 
relevant PIB. 


for a ma MM or its eee 


| 2.3 Âre secondary uses contemplated for the information collected? 


| The use of the information for enforcement (if required) internal to the CBSA and disclosures to other 

| government departments such as StatsCan would be considered secondary uses. These uses are documented 
| in the Personal Information Bank and notice is provided to the individual at the point of collection through a 
| Privacy Notice at the PIK and at tin me of enrolment at the LiveScan device. 
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2 | 2:312. 18 not, is there authority for the use or disclosure of the personal information? 


Xx] YES NO 


| Review the proposed elements and sub-elements of personal information outlined in "Section 3 — 
Analysis of Personal Information Elements" to identify those that are "necessary" and not merely 
useful. Document any changes. 
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3. Authority for the Collection, Use or Disclosure of the Social Insurance Number ] 
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is the collection of the Social insurance Number (SIN) necessary to administer the program or activity? | 


YES 
3.1 | | Collection of the SIN must be in compliance with the Directive on Socíal Insurance Number (please 
check all appropriate boxes below): 


EFI | State legal authority for collecting the SIN 


| OR, | in nthe absence ofa legal authority to collect the < SIN: - 
| 3.3 a Establish explicit authority through legislative amendment(s). 
| 3.4 |_| Establish legal authority as outlined in the Directive on Social Insurance Number. | 
: AND, if disclosure of the SIN by the CBSA is to occur on a routine or systematic basis 
3.4.1 [_] To another federal institution that is authorized to collect it, or to another level of government, 
establish an agreement or arrangement that includes specific provisions to limit the use of the | 
SIN. | | 
3.4.2 | | To a contractor or other external service provider, establish a contract that includes specific 
provisions to limit the use of the SIN. 


| 3.5 [ ] AND, ensure that the relevant PIB for the program or activity states the authority under which the 
| SIN is collected and the purpose for which it is used. 


NO 


| The SIN is not necessary and it will not be collected, used or disclosed to administer the program or 
activity. 


3.6 [X 
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p is personal information collected id directly "m the individual to whom it relates? 
o ba 


‘ individual at ‘the time ofc collection and y it must include the Hole etes 
| 


a T The "purpose and E aufhority f for the collection 


Canada Border Services Agency 


Biometrics Expansion | | PIA 


c) Any uses or disclosures that are not related to the original purpose — 


d) Any legal or administrative consequences for refusing to provide the personal information 


f) A reference to the PIB for the program or activity 
g) Why the SIN is collected, how it will be used and the consequence of not providing it. 


AND, add a "Consent Statement" to the "Privacy Notice" as appropriate, if the personal information is to 
be used or disclosed for a purpose other than the original purpose (Secondary Use) or a consistent use, 
or, to authorize indirect collection of personal information. 


4.2 | | The “Consent Statement" must include the following elements: 
a) The purpose of the consent and the specific personal information involved. 


* 


protection of personal information under the Privacy Act. 
b) in the case of indirect collections, the sources that will be asked to provide the information. 


C) Uses and disclosures that are not consistent with the original purpose of the collection and for 
which consent is being sought. 
d) Any consequences that may result from withholding consent. 


e) Any alternatives to providing consent 


| 4,3 | | AND, implement controls and procedures to ensure that the CBSA keeps a record documenting 
whether or not an individual provided consent when it was sought, including a record documenting 
any withdrawal of consent when applicable. 


Additional Consent Considerations (s. 77(1)(m) of the Privacy Act): 


| | Standards and mechanisms are in place to ensure that the individual has capacity to give 
consent. 


| IRCC has taken a several steps to ensure applicants are well notified of the biometric requirement as well as 
| the purpose of collection, namely: 


o Ata POE, a Privacy Notice is posted on the wail with the LiveScan enrolment device. 


NO 
4.4 [ | The personal information necessary for the program or activity is not collected directly from the 
individual. it is collected indirectly, for example, from another program within the CBSA, or from 
another institution, government or third party. 


5. indirect Collection - Consent or Authority under Sec. 10 of Privacy Regulations 


| ds personal information collected indirectly from another source with the informed consent of the individual | 
| to whom it relates, or from a person authorized to act on behalf of the individual pursuant to section 10 of 
| the Privacy Regulations? 


——————————Ó 


A —Ó————— 


| 5.1 | | The notice and consent requirements stated at Question 4 apply. Please provide the "Privacy Notice" | 
0 and/or "Consent Statement" below: 


E 2 [| AND, implement controls and procedures to ensure the CBSA keeps a record documenting whether 
: or not an individual provided consent when it was sought, including a record documenting any 
withdrawal of consent when applicable. 


LH 3 [ ] AND, if information is being collected from persons authorized to act on behalf of minors, 
incompetents or individuals who have been deceased for less than 20 years, implement appropriate 
mechanisms to ensure that such persons are authorized to act on behalf of individuals who do not 
have the capacity to provide consent. 


NO 


i j | 
H 
E 
i 
| 
| 
| 


The information collected from the applicant directly; however, there are instances where a person 
B on sondes of à minor ora à person wee a n limitation to biometric collection can assist. As 


| is — information collected pe another source without notice to or consent from the individual to 
whom the information relates? 
| | 
| YES 
6 1 [| Where information is collected indirectly under any of the following circumstances without notice to, 
| or consent from, the individual to whom it relates, please check the applicable boxes and explain as 
requested: 


[ ] a) The collection is a result of a disclosure to the CBSA under subsection 8(2) of the Privacy Act. | 
State the applicable paragraph(s) of subsection 8(2) and provide a brief explanation for each: | 


| Details: 


b) Direct notification of the individual might result in the collection of inaccurate information, or | 
might defeat the purpose or prejudice the use for which the information is collected. Briefly 
iced why notice is not provided. | 


Details: 


| [| ]c) The information involved in the program or activity is to be used solely for a non- 
administrative purpose in which no decisions are made about the individuals to whom tl 
| 


information relates. 


6.2 | ] AND, if any of the circumstances in a) b) or c) is applicable, ensure that it is reflected in the relevant 
PIB. 


6.3 | | AND, if the information is to be used solely for a non-administrative purpose (box c above has been 
checked), ensure that the requirements under sections 6.3.2 and 6.3.3 of the Directive on Privacy 


———————————————————————————— — nnm" X: 


Canada Border Services Agency 


E 5| | Provide a Records Disposition Submission to Library and Archives Canada describing the records 


Biometrics Expansion | PIA 


——————————————— 


Impact Assessment have been met, and that the decision of the official responsible for section 10 of - 
the Privacy Act to proceed with a CBSA PIA for the program or activity has been adequately 
documented in the description of the program or activity in "Section 1 - Overview and PIA initiation" 
| of the CBSA PIA. 
6.4 | | OR, if none of the circumstances in a) b) or c) is applicable, then the personal information must be 
collected directly from the individual, or indirectly with the consent of the individual. Please review 
| the responses to Questions 4 and 5 and ensure that the "Privacy Notice" or the "Consent 
Statement" includes all of the required elements within Question 4. 


———————Ó—Á——————— M EEE RR 


| 7. Retention and Disposal of Personal Information. : | 
| — SNP sas a ——————— RH: CETTE ERE RR ND Free erbarra Dese ; "| 
| Has Library and Archives Canada approved a records retention and disposal schedule that applies to the 2 
| personal information? | 


| YES 

| 7.1 [X] Please identify the Disposition Authorization (DA) and describe the retention and disposal schedule: 

7.2 = AND, implement controls and procedures to ensure that personal information used to make a 

| decision that directly affects an individual will be retained for a minimum of two years after the last 
administrative action or, where a request for access to the information has been received, until such 
time as the individual has had the opportunity to exercise all his/her rights under the Act. 

7.3 DX] AND, if the CBSA intends to dispose of personal information that has been used for an administrative 
purpose prior to the expiration of the two-year minimum retention standard established by the 
Privacy Regulations, it must obtain the consent of the individual to whom the information relates 
before doing so. 

X] AND, the CBSA must cite the DA number, the retention period and the disposition standards for the 
personal information in the relevant PIB. 


(———— X —————————————————————————Ó 


1 | Personal information identified in CBSA PPU 1203 will be retained for fifteen years fom the time of the most 
| recent biometric collection and will systematically be destroyed after fifteen years or upon granting of 
| Canadian Citizenship. For those persons deemed inadmissible under sections 34-37 of the Immigration and — 


| Refugee Protection Act, the fingerprints will be retained until the person reaches the age of 100. This has been 
| establ ished to align to the retention period of IF IRCC (GCMS). 


NO 


containing the personal information for which the institution requires a DA. | 


E 6 CT a AND, obtain a DA oe pes and Archives Canada to allow the CBSA, under certain conditions, to 
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| Will measures be adopted to ensure that personal information used by the CBSA for an administrative 
purpose is as accurate, up-to-date and complete as possible? 
| 


YES 
| 8.1 Please check any of the following measures that will be adopted to ensure accuracy of the personal 
| information and provide details as requested: 
| 8.4.1 Personal information will be collected directly from the individual to whom it relates or it will be 
validated with the individual or a person authorized to act on behalf of the individual. 


V 


8.1.2 A data-matching process will be used to verify the accuracy of personal information against a 
"reliable source" (within or outside the CBSA) where this is authorized, or where consent was 
obtained. 
8.1.3 | ] In cases where direct collection or consent is not feasible, the CBSA will obtain information from 
trusted sources (public or private) and verify accuracy against existing personal information 
before use. 


LX, Technological methods will be used to identify errors and discrepancies. 
8.1.5 Ls Other 


"— vauthiarired à to act on n behalf of the » individual", t the CBSA must B eM nat ue 
and procedures to ensure that: 


a) The technique(s) and the specific source(s) used to validate or update the personal information 

are documented; | 
b) Individuals are given the opportunity, whenever possible, to request correction of any inaccurate | 
personal information before the information is used in a decision-making process that affects | 
them; | 
| c) Personal information can only be modified or corrected by those within the CBSA who have the 
authority to do so; 

d) When personal information is corrected or annotated, the record of personal information 
indicates the date of the last correction or annotation and the source of the information used to 
make the correction or annotation; and 
| d) When personal information is corrected or annotated, other authorized holders of the 
| information are notified about the correction or annotation and that ali copies of the information 
| in the possession of the CBSA are corrected / annotated. | 

i 
i i 


| 8.3 [X] AND, if appropriate, ensure that the "Privacy Notice" or "Consent Statement” and the relevant PIB | 
are amended to identify the data-matching activity including the source(s). 


jEEE——————— ————ÁÁa—————H OOO RN OO RR ANA 
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- Details: 


PARAITRE D A ESE ASSESSES eet e e SSS SSE SSS SESS SSSI EBS nS Rp UR RE E RE EE EE ete d Rt nti ste i etie 


E A AR AR A RANA NB RA RA Ri tB i vei diii lI RR Aa 


Will the personal information collected for the program or activity be used solely for the original purpose 
for which it was obtained or compiled, a use consistent with that purpose, or a purpose for which the 
information was disclosed to the institution pursuant to subsection 8(2) of the Privacy Act? 


| implement controls and procedures to ensure that access to the personal information for such 0 
purposes will be limited to authorized individuals who need to know the information to perform their | 
official duties. 


| IN Memorandum of “Understandihg o or i sharing a re 
| De pursuant to subsection 8(2) of the Privacy Act. 


plo ae 


9.2 x AND, ensure that the "Data Flow Diagram” | 
Personal Information" of the CBSA PIA identify the areas, groups and individuals (e.g., the positions) 
within the CBSA who have a need-to-know to access to or handle the personal information, including 
their geographical location and where the personal information will be stored or retained. 


* AMT —— —1 
A —— MÀ AAAA AAAA AA AAA AAAA — ————————— ———In (IERI 


X AND, if the purposes for which the personal information is used includes any use(s) of the 
information for a non-administrative purpose, (such as research, statistical, audit and evaluation 
purposes) the CBSA will adhere to the requirements and principles in the CBSA Privacy Protocol For 
Non-Administrative Purposes (2012), in accordance with section 6.2.15 of the Policy on Privacy 
Protection, to address any impact that such non-administrative uses may have on privacy. 


NO 


9.4 | ] Identify below any other uses of the personal information, in other words, any routine uses that are 
| not directly related to the purpose of the collection, or, which are not consistent with that purpose 
or for which the information was disclosed to the CBSA pursuant to subsection 8(2) of the Privacy 
Act: 
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| 9.5 | . AND, ensure e that these other uses are reflected in the relevant PIB. 
| 9.6 | | AND, include a description of these other uses in the "Privacy Notice" or “Consent Statement”, as 
| edid 


| 10. Disclosures Directly Related to the Ad ministration of the Program or Activity 


| Will personal information be disclosed for purposes directly related to the administration of the program or | 
| activity? 
RD 


| Please check all applicable boxes below and, for each disclosure, identify the name of the - 
organization or third party to which personal information will be disclosed. If it is disclosed within the | 
CBSA, please identify the branch and the program or activity. | 
104. 1[X] Within the CBSA for another program or activity 


management purposes. | 


101. d. 2 X | Other f federal government institutions 


| Details: The Agency’ s] inland Enforcement Program may use the information collected for identity 
E 10. 1 30 MIT Provincial, à terri titor ia Of municipal sovernmeritsir institutions 
| 


10.1.4 [X] Foreign government institutions and entities thereof 


| Details: Canada may send biometric-based queries ! to M5 partners from applicati ions made at a POE on 

| a case-by-case basis subject to need and time constraints. Biometric-based queries will be sent to the 

| US for all immigration applications made overseas and at in-Canada service locations. This represents an 
| taking place under the current program. It is anticipated that the US will send a reciprocal volume of 

| biometric-based queries to Canada. 


1 | Biometrics expansion will increase results in automated biometric-based information sha ring with each 
| | of the M5 partners (Australia, New Zealand and UK). Disclosures of personal information for this 
( | purpose would l bei in ı accordance with the e disclosure provisions of Modi a ) 2) of the dee Act. 


| y year; a DE volume of exchanges than with px Us. T his volume | is on a don 
| | regarding each country’s capacity to send and receive international queries. Determining factors, such 
| | as risk and volumes, will be integrated into system rules to establish which queries are sent to each of 

E the M5 5 partners. Ir In turn, n, Canada will process: an annual total o of upt to 1. -2million requests received from 


| p remaining 1 VE partners will allow Canadian officers: access to valuable PU and bl 
| information on third country nationals held by the immigration authorities of those countries. — 


10.1.5 ia International organizations 
10. 0.1.6 EI The private sector (e.g., contractor or other external service provi ider) 
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any such disclosure is made in compliance with section 8 of the Privacy Act, which allows 
disclosures of personal information with consent of the individual to whom the information 
relates (subsection 8(1)) or without consent in certain and limited circumstances pursuant to | 
subsection 8(2) of the Act; | 
b) only personal information elements that are necessary for the intended purpose are disclosed; 


A NN NN EA 


d) administrative, physical and technical safeguards appropriate to the sensitivity of the information 
will be applied to protect the information during and after its transmission (see Question 15); 

e) the organization or third party to which the personal information will be disclosed for the 
administration of the program or activity are identified in the "Consistent Use" section in the 
relevant PIB in CBSA info Source, including the specific purpose of the disclosure; 
the "Privacy Notice" or "Consent Statement" describes any disclosures of information; 

f) the "Data Flow Diagram" or "Data Flow Tables" completed in "Section 4 — Flow of Personal 
Information" of the CBSA PIA include details on the disclosed personal information: 


c) the organization or third party receiving the personal information is authorized to do so; 
IX] AND, any disclosure of personal information to another federal institution or outside the 
Government of Canada is governed by a formal agreement or arrangement (e.g., a Memorandum of 
Understanding, an accord, a contractual arrangement, etc.) to ensure that appropriate privacy 
protection clauses are included, and, where applicable, include provisions for inter-jurisdictional or 
a) Control over personal information, where appropriate. | 

b) Limitations on the collection, retention, use and disclosure of personal information. 
c) Measures (administrative, technical and physical) to protect the integrity and confidentiality of 
personal information. 
d) Measures governing the disposition of the personal information, where relevant 
e) Measures to ensure or verify that the personal information is only used for the purposes related | 
to the agreement, arrangement or contract. | 


f) Obligations are to be extended to other parties such as subcontractors. 


| Details: M 


n 


NER E E NM D S nn tn 


Cc añada. and the Ganada: Border: Services Aie and The e Department ofl immigration and Border 
Protection of the Commonwealth of Australia Regarding the Exchange of Information (MoU) 

A) Annex to the MoU Concerning the Exchange of Information on a Case-by-Case Basis 

B) Annexto the MoU Concerning the Exchange of | Information on an Automated Basis 


2. Memorandum of Arrangement Between The Department of Citizenship and Immigration of Canada | 
clas Canada Border Services n and The New Zealand cum of ue po wm 


anda à and the Canada Border à Services Agency and thel United i Kingdom 5 Secretary o ofS State for the | 
- Home Department Acting Through the Home Office Regarding the Exchange of Information 
A) Annexto the MoU Concerning the Exchanger of Information on a Case-by-Case Basis 
4. Implementing Arrangement Between the Department of Citizenship and Immigration of Canada 
and the Canada Border Services Agency, on the One Side and the Department of State and the 
Department of Homeland Security of the United States of America, on the Other Side, Concerning 
Biometric Visa and Immigration Information Sharing 


NO 


| 10.4 | | There is no disclosure of personal information within or outside the institution for purposes that are 


directly related to the administration i of the program o Or activity. 


Canada Border Services Agency 


Biometrics Expansion | PIA 


deine eed ee 


Will controls and procedures be implemented to account for any new use or disclosure of the personal 
information that is not included in the relevant PIB published in CBSA Info Source? 


YES 

114 Appropriate controls and procedures have been or will be implemented to ensure that: | 

| a) the head of the institution (The ATi and Privacy Director) or the appropriate delegate is notified 

! . about any new use or disclosure of personal information that is not reflected in the PIB 

description published in CBSA Info Source; 

b) the consent of the individual to whom the information relates is obtained in writing, as 

| appropriate, prior to any new use of the information for an administrative purpose that is not 
reflected in the relevant PIB published in CBSA Info Source, unless the new use is considered to 
be consistent with the purpose for which the personal information was obtained or compiled and 
the Privacy Commissioner is notified, by the CBSA ATI and Privacy Director, forthwith regarding 
the new consistent use; 


c) except as permitted under subsection 8(2) of the Privacy Act, any disclosure of personal 
information for a purpose that is not reflected in the relevant PIB published in CBSA Info Source | 
will only be made with the consent of the individual to whom the information relates; | 

d) a record is kept for any new use or disclosure of personal information not described in the 0 
relevant PIB published in CBSA Info Source, and that this record is stored with the personal 
information to which it relates and retained for a minimum period of two years following such a 
use or disclosure; 

| e) ifthe information is disclosed to a federal investigative body under paragraph 8(2)(e) of the 0 

| Privacy Act, the record of disclosure will be kept in a separate PIB for a period of two years where | 
it will be available to the Privacy Commissioner for review upon request; | 

f) the Privacy Commissioner is notified, by the CBSA ATI and Privacy Director, forthwith, as requi ired | 
under subsection 9(4) of the Act, of any new use or disclosure that is consistent with the purpose 
for which the information was obtained or complied, but which is not reflected in the relevant 
PIB published in CBSA info Source; 

g) the relevant PIB is amended in time for the next edition of CBSA Info Source to include any new 
use(s) or disclosure(s) that are consistent with the purpose for which the information was 
obtained or compiled, as well as any routine use(s) or disclosure(s) that do not fall within the 

SRNEBOIIGS of purpose of collection or consistent use; and | 


Bd redi ünder: subsection en » 5) of the 3 Act, about any di pA iioi or to be epu in e 
public interest or in the interest of the individual to whom the information relates. 


i) Other 


NO 
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m a Statement of Sensitivity (SoS) or similar analysis been completed to assess the degree of sensitivity of | 
| the personal information to be collected and retained for the program or activity? - 
| YES 

| 12.1 XI The information contained in the SoS or similar analysis has been taken into account when assessing 


the level of risks to privacy in "Section 2 - Risk Area Identification and Categorization" of the CBSA 
PIA. 


Vni simon mom inimi irit im mit —————————————— MONTEM EATER TRA 
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Details: A Statement of Sensi tivi ity (SoS) has been completed for the TRBP. As the information collected - | 
| under TRBP is identical with the expanded population, the TRBP Sos i is still appli cable. 


NO 


| 12.2] | Please explain why a SoS or similar analysis was not considered necessary to assess the sensitivity of 
/ the information. 


je en MM A A A A A A ere ee rere. RTS SR SSSR eee AS Se nns 


E Safeguards - - Threat and Risk Assessment 


| Has a Threat and Risk Assessment (TRA) or a similar security assessment been completed for the program or | 
| activity? | 


YES 
13.1| | Reference the title of the TRA or other security assessment in "Section 6 ~ Supplementary 
Documents List" and provide . a | brief synopsis. of the assessment ii in a the space below: 


Details : 


ES 2[ O | AND, obtain à assurances from the officials "—— e for thee program or activity that ihe measures 
recommended in the assessment have been implemented to ensure the confidentiality, availability 
and integrity of the personal information. 
13.3[ | AND, ensure that any residual risks to personal information are known and accepted by the 

executive or senior official responsible for the program or activity and the Head or delegated 

authority for the Privacy Act. (ATI and Privacy Director) 
NO | 
13.4 bx] If a TRA or similar security assessment is underway, simply reference that fact in the space below and | 
indicate when it is likely to be completed. if there is no intent to complete one, please explain. e 


MASS SAM ANTESALA AAA A A A A A A A A iii a A A A A A CEI ESE dd din Inn tmm A as 


| Details: A CSAR has been prepared for the Biometrics Expansion Project. The CSAR, as per standard | 
: | project process, is reviewed and revised as the project progresses and will be finalized prior to coming- | 
| into-force on July 31, 2018. | 
| | The oho risks created doy the 2 HOME * of the CSAR i in the project process - Service Lifecycle 
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CBSA - Released under the Access to Information Act 
ASFC - Divulgation en vertu de la loi sur l'Accès à l'informati 
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0 Please identify below any administrative, physical and technical safeguards in place, or to be implemented, 
| for this program or activity to ensure the confidentiality, availability and integrity of the personal 
| information. 


LX] Internal security and privacy policies and procedures 
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X] Staff training on privacy and the protection of personal information 
Screening and security checks of employees 


EX 

[X] Appropriate security levels for employees who will have access to personal information 

Contingency plans and documented procedures in place to identify and respond to security and 
privacy breaches, and to communicate security violations to the data subject, law enforcement 
authorities and relevant program managers 

[X] Regular monitoring of users' security practices 


X] Methods to ensure that only authorized personnel who need to know have access to personal | 
information | 


YY Restricted access areas 
Security guards 
Y Identification badges are worn by staff at all times 


After hours alarms and monitoring systems 


Locked filing cabinets 
Combination locks 


| 
Video surveillance (closed-circuit television) | 
Secured server locations 


Backups secured off-site 


LIPS DS B3 ET DX P3 


fées aime ans stet TS RR cia 
^ sens TT EE à tan AN AAA AA AAA RAA A AO Re EE E E E E E CE EE E TENOR + VI E 
(—————— enn aa ia 1 


i 
H E 
zx 3 IU  U FS eos ERB c PP dE : 
SSSR SEEN EEE ARR RARE ARR ARE ian NAS EEE ita Pine E E EE 1 
RAR D n SANA AR AHH ANNA Acsi iiit Ud UV Vu da Ie de dade uen deme Ad 


| 14.3 Technical safeguards 
Role-based user authorization and authentication 
| [X] Passwords (minimum of 6 characters long, include alpha and numeric characters) | 


Passwords are changed by users every 90 days and recently used passwords cannot be re-used) 


à l'information. 


Biometrics Expansion | PIA 


| Rs X] Session-time out pere ere: locks an account after a session has been idle for a 
| "s amount of time) 


7 Virtual Private Network (VPN) 

| = Encryption of sensitive information 

| | ] Government of Canada Public Key Infrastructure Certificates (PKI) 
External Certificate Authority (CA) 

| X] Audit trails 

7 E Other 


aiiai a dae aa ea ana a a EEEE EEEE TT TA ITIN mm AA A A A A A DO O EE dem di dina nae 


Details: 


| Will the information system(s) used to deliver the program or activity employ cookies or other tracking 
technologies to collect personal information about users and their transactions? 


- idem ian reflected i in the Sac lies" : 

| 15.4 AND, those responsible for implementing and using tracking technologies to collect personal 

| information or who may have access to personal information collected through these methods are 

0 made aware of privacy and security policy requirements; 

| 15.5 = | AND, where personal information collected through such tracking technologies is used to make a 

o | decision that directly affects the individual to whom the information relates, it will be retained fora _ 
minimum of two years after the last administrative action as required under the Privacy Regulations. — 


NO 


| 16. Technology and Privacy - Surveillance or Monitoring 


| Will the new or modified program or activity result in new or increased surveillance or monitoring of a 
| targeted population? 


€ 
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| Æ 
16 * Ml Consult with your legal advisors to determine whether or not such surveillance or monitoring 


- activities raise any issues relating to the Charter of Rights and Freedoms, the Privacy Act or other 

applicable acts. 

16.2 | | And, ensure the surveillance or monitoring method(s) to be used, the characteristic(s) of the 

| targeted population and the scope of the surveillance or monitoring are adequately described under 
Part 6: Technology and Privacy of “Section 2 — Risk Area Identification and Categorization” of the 

| CBSA PIA. 

|. 16.3|. | AND, any personal information collected or created as a result of such surveillance or monitoring is 

| described in the relevant PIB and in Section 3 — Analysis of Personal Information Elements" of the 

| CBSA PIA. 

(164 BE AND, the collection or use of À o information in or onu is ee 
information: oF r defeat the purpose or aA the use for which the end infermationa is 
collected. 

If notice about surveillance c or r monitoring will not be provided 


pes a cs A ee 
| 16.5| | AND, those responsible for implementing and using such surveillance or monitoring method(s) or 


who may have access to personal information collected or created through these methods are made 
aware of privacy and security policy requirements. 


| 16.6 [X] The new or modified program or activity will not result in additional surveillance or monitoring. 
| 17. Considerations Related to Compliance, Regulatory Investigation, Enforcement | 
ac MEC a E M E EUM mm RM M e ERRER ERRA E EEEN MEOS RCM E N | 


| | Does the program or activity involve compliance/regulatory investigation or law enforcement, surveillance | 
| or intelligence gathering that targets specific individuals against whom penalties, criminal charges or 
| sanctions may be applicable? 


| YES 
EU 1D 


IX} Consult with your legal advisors to determine whether or not the compli ance/regulatory 
investigation or law enforcement activities raise any issues relating to the Charter of Rights and 
Freedoms, the Privacy Act or other applicable acts. 


EE 2 x AND, identify the legislative authority and the specific regulatory or law enforcement purpose 
| _ involved: 


RAA Hi A A A A en on 


|| 
| la ae \t specified in the ; Act: or aso coula result ir in a o on 7 under the 


a identi fication and determination of  Fadmissibllty of the person. , Failure t to o cormply witha an n obligation o or 
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e 10.01 À person ve makes a claim, application or request under this Act must follow the 
procedures set out in the regulations for the collection and j verification of biometric information, 

including procedures. for the collection of further biometric information for verification purposes | 

after a person's claim, application o or request is allowed or accepted. | | 


E Obligation — answer truthfully | 


oe 16 a) A person who m an ib cq must answer ecc al = put to usd ar the 


the ara reasonably ri requires. 
. Marginal note: Obligation — appear for examination a | 


E 
| 
| 
| 
| (1.1) A person who makes an application must, on request of an officer, appear for an 


e Marginal note: Obligation — relevant evidence | | 
(2) In the case of a foreign national, | | 


+ (a) The relevant evidence referred toin subsection (1 (1) includes photographic and 
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fingerprint evidence; and 


e (b) Subject to the regulations, the foreign national must submit to a medical examination. 


* Marginal note: Obligation — interview 


ust, on request of an officer, appear for an | 
iis the Canadian Security Intelligence 


(2.1) A foreign national who makes an applica 
| interview for the purpose of an investiga cond 
| Service under section 15 of the Canadian : ecur ty Intelligence Service Act for the purpose of 
| providing advice or information to the Minister der section 14 of that Act and must answer 


truthfully all questions put to them during tt e interview. 


* Marginal note: Evidence relating to identity 


(3) An officer may requi ire or obtain froma permanent resident o Ora foreien national who is : 
arrested, detained, subject to an examination or subject toa removal order, any evidence - — 
: photographic, fingerprint or otherwise - — that may be used to estat lish their identity or 
cn with this Act. 


e 2010, €. 8, s. 2: | - 
. o 16, s. 5; || 


(a r contravenes a provision of this Act for which a penalty is not specifically provided c or fails to 


comply with « a à condition or obligation imposed under this Act. 


17 3 ><) AND, if the legislative authority differs from the legal authority for the program or activity, ensure it 
l is adequately reflected in the response to Question 1 of “Section 5 — Privacy Compliance Analysis" 
and in | "Section 1 — Overview and PIA Initiation “of the CBSA PIA. 
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| 17.4 Dd] AND, any personal infc information collected or created as a result of such. regulatory or criminal 

: enforcement, surveillance or intelligence gathering program or activity is described in thie relevant 
PIB and in "Section 3 — Analysis of Personal Information Elements" of the CBSA PIA. 

| AND, the collection or use of personal information through these compliance / regulatory 
investigation or enforcement activities is adequately reflected in the "Privacy Notice", unless such 
notification might result in the collection of inaccurate information or defeat the purpose, or 
prejudice. the use, for which the personal information i is collected. 


E —— A Ana a mm SA rar: anaman 


Details: A Privacy Notice, which will be updated upon fi fi nal publication of support regulations i is sposted | 
on the wall at each LiveScan device where it will be visible at the E beginning of the biometric enrolment. - 


j 
j 


Privacy Notice 


To individuals who are required to submit fingerprints and photographs under the Immigration c and xm 
Refugee Protection Act: 


Legislative authority to fingerprint: 

Where fingerprints and photographs of applicants seeking admission into Canada are requested, 
compliance is required by law. Failure to comply may result in Lue iHe ded authority t to 
| collect this personal ! informati ion are sections 10.01 and 16 of the Immigr Refuc | 
Purpose of the collection of fingerprints: 


The personal information you are required to provide will be used to assess your application in 
accordance with the Immigration and Refugee Protection Act. The information may be shared with 0 
other law enforcement agencies in accordance with the Privacy Act. | 
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Retention and di Mnt standards: 


Related to PR# CIC ASB 001. TBS Registration: C :00521 18B 
270). 


Access to personal information: 


Under the Privacy Act and the Access to Information Act, individuals have the right to protection and 
access to their personal information. Details on these matters are available at www.infosource.gc.ca 
and through the IRCC Call Centre. info Source is also available in Canadian public libraries. For further 
information contact: 


Vini eoi ain e e E E B RR RR RR PA RR RAI A A A A RR A A AAA A A A AS ANA A uh a A na a a e aaa RR Ra [RA RA AA A A AA A RANT AAA 


Immigration, Refugees and Citizenship Canada | 
| Access to Information and Privacy Coordinator | | | 
| Public Rights Administrator Division | 
Narono Building 

360 Laurier Avenue, 10th floor 


| ] if notice about the compliance/regulatory investigation or law enforcement activities will not be 
provided. 
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ons 


This table summarizes the privacy risks identified through the PIA process, and categorizes levels of risk as 
low, moderate, or high. Risk is defined by factors of impact and likelihood of occurrence. The goal of privacy 
risk management is to maintain privacy risks within acceptable bounds. The higher ratings provide an 
indication of priority areas for implementing suggested risk mitigation mechanisms. Criteria for ranking are 
set as follows: 


(L)ow: There is a remote possibility that the risk will materialize and/or the impact of the risk to the program 

is minor. 

(M)oderate: The possibility of the risk materializing is very low although the impact of such a risk is high, OR 

the possibility of the risk materializing is high but the impact of such a risk is minor, OR the impact and 

likelihood of the risk occurring are both determined to be moderate. 

(H)igh: There is a near certainty that the risk will materialize if no corrective measures are taken and/or the 

impact of the risk on the program is severe. 

| Element Nature of Risk — L M H Recommendations 

| Retention and | CBSA retention period for data | 
Disposal of | collected via traveller processing 

| Personal | varies by initiative, from 7 years | 

| information | to 15 years. 


CBSA to conduct a review of the 
retention period for information 
collected via traveller processing, 
and explore the possibility of 

| aligning the traveller processing 

| records for entry, which are 

| currently retained for seven years, 

| with the retention period for 

| Entry/Exit initiative (exit records), 

| which is set for 15 years retention 

past the point of collection. 


| Future Border A PIA has not been conducted. | | A PIA be completed for the 
| Processing | | | Generic Passage Flow (GPF) 
| | 0 initiative. This initiative will enable | 
| a unified operational model with 
| tightly integrated and 
| standardized business processes, 
information and technology that 
| are used throughout the border 
x | processing continuum and 
| includes people, goods, or 
| conveyances in all modes, pre- 
| border, at the border, post 
border, and applies to all CBSA 
| programs. The project goal is to 
provide one process and one 
| system for the traveller passage 
| continuum. 
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A PIA has not been conducted. 


The Agency has not conducted a 
PIA on general primary 
processing; as such, the risks are 
d unknown at this time. 
The PIB for the Biometrics 
Expansion Program has been 
created and required formal | 
approval from TBS for publication. | 


| Anew PIB had been approved in 
| principle for the Biometrics 

| Expansion Project, but has yet 
to receive formal approval and 
has not yet been published. The 
PIB is attached to this 
assessment. 


A PIB related 
specifically to 
Biometrics 
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[ SECTION 7 - SUPPLEMENTARY DOCUMENTS LIST 


List of supplementary documents that support the conclusions of this CBSA Privacy Impact Assessment. For 
each document, the specific sections of the documents (subject, chapter, page, paragraph, etc.) that 
correspond with the CBSA PIA are cited and linked to the PIA sections. 


Document 
Reference 
Entire SLA 


Document PIA Reference 


Section 2 Risks 


| RCMP/CBSA Service Level Agreement (SLA) 


Information Sharing Toolkit: Entire toolkit 

1. Policy on Disclosure of Personal Information: Section 8 of 
the Privacy Act 

2. Policy on the Disclosure of Customs Information: Section 
107 of the Customs Act 

3. Directive on Sharing information Pursuant to the Security of 
Canada information Sharing Act (SCISA) 

4. Policy on Implementing the Ministerial Direction to the CBSA 
on Information Sharing with Foreign Entities 

5. Operational Guidelines on the Ministerial Direction 

| 6. Public Interest Disclosures under 8(2)(m)(i) of the Privacy Act 

| 7. Public Interest Disclosures under s. 107(6)(a) of the Customs 

| 8. Operational Guidelines on the Disclosure of Information for 

| Enforcement and Intelligence 

9. CBSA Information Sharing Checklist 

10. FAQs relating to the Privacy Act and the Customs Act 


Operational Bulletin PRG 2018-29: Expansion of the Biometrics 


Entire Document 
Program amine’ into Force 1 | 


Entire Document 


peer Gui HUND Disclosure of Information for Enforcement 
E and ee 


Entire Document 


Draft PIB 
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The following signature represents a 
commitment to comply with sections 4 to 8 of 
the Privacy Act and the related privacy policy 
requirements outlined in the CBSA PIA as they 
relate to the administration of the identified 


| Martin Bolduc, Vice Prés 


NU D 


JUL 3 1 2018 


Date 


Note: Responsibility for sections 4 to 8 of the Privacy 
Act rests with all employees of government 

| institutions that handle personal information. Officials 
| who manage such programs and activities are 

e responsible for ensuring that such requirements are 

| implemented as part of the administration of the 

| program or activity. 
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1—————————————————— —————————————— 


The following signature represents a commitment 
by the Head of the institution or his/her 
delegate(s) who is responsible for establishing 
personal information banks in accordance with 
section 10 of the Privacy Act. 


Privacy Division 


JUL 2 5 2018 
Date Hb 


Note: Under the Privacy Act, the Head or his/her 
delegate(s) is responsible for complying with legal and 


approval and registration of personal information 
banks 
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| Annex A: Pri 


Privacy Compliance | Action required to support legal and policy compliance | Done | Tobe 
Analysis question # — (cross reference to relevant question of Section 5 — Privacy | Gone 
- Compliance Analysis) e 


2 - a) The categories and elements of personal information to be 
. collected for the new program or activity have been carefully 
assessed based, for example, on the CBSA's experience gained 
with the administration of a similar program or activity. The — 
personal data collected will be limited to only that which is 
required.) 


| b) Categories and elements of personal information have been 

| described in the relevant PIB for the program or activity. 

| c) Controls and procedures will be implemented to ensure the CBSA | 
does not collect more personal information than necessary for | 


4 and 5 e a) All of the requisite “Privacy Notices” and “Consent Statements” 
that meet the requirements of sections 6.2.9 to 6.2.12 of the 
Directive on Privacy Practices have been drafted. (Texts of the 
notices and consent statements must be included as an annex.) 


| b) Controls and procedures have been implemented to keep 

. records of individual consents, and to ensure that persons acting 
on behalf of individuals who do not have the capacity to provide 
consent have the authority to do so under section 10 of the 


and Archives Canada to authorize the disposal of the records e Dd : Lj 
containing personal information for the program. 1 | 
| b) Controls and procedures have been implemented within the O H |] 
o program or activity and the CBSA ATI and Privacy Division to 0 
ensure that information that has been used for an 


: period established by the Privacy Regulations. 
| c) Reference to the DA, the retention period and the disposition 


8 Controls and procedures are in the process of being implemented to | | 
ensure thatthe personal information associated with the programis [x] | = 
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- Privacy Compliance 
Analysis question # 


Action required to support legal and policy compliance | Done To be 
(cross reference to relevant question of Section 5 — Privacy E. | done 
Compliance Analysis) | 


. Other Privacy Considerations related to specific principles that are not exptoredi in the previous 17 sections: 


{these considerations should be explored in the Executive Summa ry) 


Openness 


| Describe how the results of any privacy impact assessment or audit [] : x 


will be made available to the public. The Executive Summary will be 
| published on the external CBSA ATI and Privacy Division website at 
| http://www.cbsa-asfc.gc.ca/agency-agence/reports-rapports/pia- 


| Are policies and practices relating to the ple s management 


efvp/atip- aiprp/pias-sefp- -eng. html 


| and handling of personal information available to the publ ic? 


Is there a communications plan to explain to the public how 


: personal information Wi il be managed and protected? 


Is there a clearly defined and easy process for individuals to access _ x | 
| such information and/or communicate with appropriate individuals - | 

with respect to policies and practices relating to management and 

protection of personal information? 


- Where appropriate, will public consultation take place on the | : [J 


individual's Access 
to 
Personal Information 


Is the system designed to ensure that an individual can have access 
to his/her personal information, including all other programs or 


privacy im plications of the proposal? 


applications that have received copies of the information? s. inc 


A Are there decumented procedures devel loped c or planned c on how to — es | L 


Are individuals provided with access to their — information 


make privacy requests or requests for the correction of personal 


information? s. 12 (2) 


jn | the official language of their choice? s. 17(2) 


If appropriate, are individuals provided with access to their personal - LJ 


- information in an alternative format? s. 17(3) 


“Challenging 
Compliance 


Are the complaint procedures for the ur program or service x 
consi istent with legi islated requirements? s. 29- 35 | 


a rares been established to log and periodically n review thé 
nature, frequency and resolution of complaints? 


Are there oversight and review mechanisms ifbiétientéd or 


| available to ensure accountability? 


frenum ASFC - Divulgation en vertu de la loi sur l'Accè 


CBSA - Released under the Access to Information Act. 
és à l'informati 


Biometrics Expansion | PIA 


Privacy Compliance Action required to support legal and policy compliance. | Done | To be 
Analysis question # — (cross reference to relevant question of Section 5 — Privacy | done 


Canada Border Services Agency 


à l'information 


